• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved any way to flush all logs ?

raykai

raykai

Basic Pleskian
im having a log prob with fail2ban and im looking for a way to clear all system and all domains logs completely. fail2ban is blocking a cloudflare ip and i cant seam to find where its reading it from.

only clue i have is its a recidive jail.
 
I'd discourage flushing logs as some software might actually quit working if an expected log file cannot be found. You will also lose a lot of data that might prove as an important resource for solving other issues. Instead of flushing logs, your could rotate them with logrotate. But there is easy way to do it for all the logs on a system in a simple command. You'll have to know all log locations and instruct logrotate what to do with them seperately.

As an alternative: If you know that a cloudflare IP is blocked, you must also know what the IP is. Could you simply add that IP to fail2ban's whitelist?
 
Hi raykai,

all banned ip addresses are saved in the fail2ban.sqlite3 file located in /var/lib/fail2ban/fail2ban.sqlite3
Even if you clear all log files - fail2ban will recreate all banned ips out of the database after every sevice restart untill the bantime for the ip runs out! But first of all you need to find out why your cloudflare ip gets banned before doing anything else ;)

I personally use my recidive jail with a bantime = -1 :D that means every ip in this jail is banned for ever - till the end of time or even if I will unban it manually ;)
If you are using the standard recidive jail settings you only have to wait 7 days untill the ip gets unbanned. Of course you don't need to wait so long!

Here are 3 ways for solving your problem:

1. You are using the standard recidive jail settings? Perfect! Peters solution -using the whitelist option- is the best way for you. Put the ip on the whitelist and after 7 days you can delete it from it again because the bantime is running out.

2. You can clear the whole fail2ban log and also every banned ip from the fail2ban.sqlite3 database with the following steps:
I don't prefer this solution in your case because you are resetting every banned ip - but its a good method to reset fail2ban to point zero.
  • service fail2ban stop
  • truncate -s 0 /var/log/fail2ban.log
  • rm /var/lib/fail2ban/fail2ban.sqlite3
  • service fail2ban restart
  • done!
  • don't worry - fail2ban recreates the fail2ban.sqlite3 file after restarting the service
3. You can also manually delete the ip from the database without loosing all other banned ips and if you don't want to use whitelisting:
  • download the DB Browser for SQLite - http://sqlitebrowser.org/
  • install the DB Browser
  • download the fail2ban.sqlite3 file from your server location /var/lib/fail2ban/fail2ban.sqlite3fail2ban.sqlite3
  • start the DB Browser an open your fail2ban.sqlite3 file
  • now you need to search the database for the banned ip
  • select it an click on "delete row"
  • save the fail2ban.sqlite3 file and close the programm
  • now connect to your server with ssh and type #service fail2ban stop
  • then type #truncate -s 0 /var/log/fail2ban.log
  • then upload the edited fail2ban.sqlite3 file with your ftp back to your server /var/lib/fail2ban/fail2ban.sqlite3fail2ban.sqlite3
  • turn back to your ssh connection and type #service fail2ban restart
  • done!
Best regards
Dennis
 
You must log in or register to reply here.

Similar threads

M
Issue How to enable fail2ban for fellow other admins using the restricted mode?
Replies
5
Views
347
Sebahat.hadzhi
Sebahat.hadzhi
S
Issue Plesk not showing correct IPs in error logs and is blocking cloudflare IPs in fail 2 ban resulting in server going down.
Replies
4
Views
1K
sulabhpuri
S
majdi draouil
Question How to Block Direct IP Access and Ensure All Traffic Routes Through Cloudflare
Replies
1
Views
652
Raul A.
R
andreios
Issue Fail2ban WordPress login detection doesn't work and fail2ban couldn't be configured trough Plesk
Replies
2
Views
975
andreios
andreios
W
Question How to Prevent High Connection Counts Causing High Memory Usage (Possible DDoS?)
Replies
7
Views
2K
Bitpalast
Bitpalast
Back
Top